Meltdown & Spectre. What you need to know, and what you should do.

As you probably know, researchers recently uncovered Meltdown and Spectre – two related chip vulnerabilities – that can leave almost any device vulnerable to cyber attackers trying to access and exploit sensitive information.

• Meltdown primarily affects computer CPUs and a demo code has been released to exploit the vulnerability to access credentials, and other sensitive information from system memory.
• Spectre can allow the hacker to access sensitive information from applications and may be more difficult for hackers to exploit.

Zones security experts emphasize that fixes are already in the works for Meltdown but may not be available yet for all your devices. Fixes for Spectre may require hardware changes. Either way, we’re here to help.

Intel has stated that they are committed to working closely “with other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to mitigate this issue promptly and constructively.”

Apple has already released mitigations in iOS 11.2, macOS 10.13.2, and tvOS 11.2 to help defend against Meltdown. The release of a patch for the Safari web browser on its iPhone, iPads, and Macs to help defend against Spectre is expected soon.

What to do next.

• It is imperative that you make available Windows updates (KB4056892) to address the problem as soon as possible.
• Browser updates are needed and will be available relatively soon – and should also be applied.
• Vendors will be releasing BIOS updates from a hardware perspective, and those must be applied right away.

We’re here to answer any questions about device updates, software patches, and other security steps you can take now to fortify your security and protect your information. Contact your Zones account executive or call 800.408.ZONES to speak with a security specialist.

Further Information

• Intel Disclosure https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr
• Google Disclosure https://security.googleblog.com/
• Apple Disclosure https://support.apple.com/en-us/HT208394